US & Canada Cyber Agencies Issue Alert To Healthcare Providers For Ransomware

April 7, 2016

US and Canadian cyber security agencies issued an alert last week regarding an increasing number of ransomware attacks against healthcare organizations. In the last month alone, five providers have been infected with such computer viruses, and victims are often forced to pay ransoms in Bitcoin.

“Malicious software” infected the computer system at Alvarado Hospital Medical Center in San Diego last month. Two other hospitals, Chino Valley Medical Center and Desert Valley Hospital in Victorville, were also infected. Each of these infected parties is a Prime Healthcare Hospital.

In Indiana, hackers locked down King’s Daughters Health computer systems after compromising just one employee’s files with a ransomware virus. The hospital claimed in a statement that no patient data had been compromised in the attack.

Since 2012, hackers have enjoyed great success with ransomware. The profit potential, made easier to realize by the pseudonymous nature of Bitcoin, led to an epidemic of ransomware, according to the United States Computer Emergency Readiness Team (US-CERT) and the Canadian Cyber Incident Response Center (CCIRC).

Ransomware can encrypt files on infected devices, as well as contents of shared or networked drives, the US-CERT/CCIRC warn. Until a hacker receives the ransom, the files are inoperable.

One type of ransomware, Locky, particularly infects computers belonging to healthcare facilities and hospitals in the US, New Zealand and Germany. Bitcoin, the distributed digital currency, also makes the proliferation of ransomware possible by allowing ransoms to be paid in a simple, streamlined manner without revealing identities. The hackers demand bitcoin payment to unlock the systems.

As the US-CERT alert reads: “Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but is frequently $200–$400 dollars and must be paid in virtual currency, such as Bitcoin.”

The Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoins to end a cyber attack that compromised its computer systems for over a week.

In April, hackers using malware evidently locked MedStar Health’s computer system. They demanded the hospital pay 45 bitcoins – $19,000 – to unlock data.

The malware prevented MedStar workers from accessing patient data. MedStar has yet to describe the attack as ransomware, but The Washington Post reported that MedStar employees saw a pop-up demanding 45 bitcoins to unlock the data. The Baltimore Sun reports that the hackers offered MedStar access to one locked computer in exchange for 3 bitcoins.

“You just have 10 days to send us the Bitcoin,” a note published by The Washington Post stated. “After 10 days we will remove your private key and it’s impossible to recover your files.”

By the end of last week, most systems were working: “As of Friday morning, we were approaching 90 percent functionality of our systems,” the provider said in a statement. Inpatient and outpatient EHRs are working, as are the provider’s registration and scheduling functions.

“Numerous other systems are also back online, and we are working on the remaining clinical and administrative systems that connect to our network and are resolving unique, site-specific issues on a real-time basis,” the company stated.

Ransomware attacks on health organizations, a recent focus of the FBI, have infected hospitals in California, Kentucky, Maryland and the District of Columbia.

The nascent anti-ransomware industry has yet to craft solutions to keep up with the cutting edge of ransomware.

Bitdefender, a Bitcoin-facing company, claims to have developed a solution to ransomware. Recent ransomware can be installed on a victim’s computer simply by visiting a malicious website. Advertising networks have also been used as vehicles for ransomware.

Bitdefender Labs released a program late last month to protect consumers and enterprises from ransomware. While it is no silver bullet, the company does at least highlight what surely will amount to a growing industry in coming years: the anti-ransomware industry.

“The new tool is an outgrowth of the Cryptowall vaccine program, in a way,” Chief Security Strategist Catalin Cosoi explained. “We had been looking at ways to prevent this ransomware from encrypting files even on computers that were not protected by Bitdefender.”


Last modified (UTC): April 26, 2016 12:57